Threat Hunting Intern

About Hunter Strategy

Hunter Strategy has a unique philosophy to technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure - critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.

Our summer internship program offers emerging cybersecurity professionals a unique opportunity to gain hands-on experience in threat hunting. As a Threat Hunting intern, you’ll be fully embedded within a team for 12 weeks, working alongside experienced hunters on actual investigations, learning the craft from the inside, and building skills that directly reflect what the industry demands.

• Customized Experience: We match qualified interns with projects and teams based on their interests and skill sets

• Real-World Hunts: Contribute meaningfully to live threat hunting operations, not simulated exercises

• Dedicated Mentorship: Receive one-on-one guidance from experienced senior threat hunters

• Full Team Integration: Experience what it is truly like to work in a mature security team by becoming a valued contributor from day one

You will be joining a threat hunting team focused on hypothesis-driven detection of adversary activity across client environments. The team’s mission is to surface what automated tools miss: the subtle, low-and-slow behaviors that signal a determined attacker. As an intern, you will support senior hunters across every phase of the hunt lifecycle, learning by doing and contributing real work to ongoing investigations.
As a Threat Hunting Intern, you’ll:

•       Support senior threat hunters in executing structured hunt missions from initial hypothesis through to final reporting, participating in every phase of the process

•       Conduct searches and queries across SIEM and EDR platforms to surface anomalous behaviors and gather evidence to validate or refute active hunt hypotheses

•       Assist in organizing and maintaining hunt hypothesis logs, tracking the reasoning behind each hypothesis, the data sources queried, and the outcomes as hunts progress

•       Validate hunt results by cross-referencing detections against environmental baselines, threat intelligence, and known-good behavior, distinguishing true positives from noise and documenting your reasoning clearly

•       Contribute to the drafting of final hunt reports, helping to summarize methodology, findings, and recommendations in a format suitable for both technical team members and non-technical readers

•       Communicate the results of completed hunts internally, presenting findings in written summaries, team updates, or channel posts with appropriate technical clarity

•       Assist senior hunters in refining and testing detection queries, helping to identify edge cases, validate logic against real data, and suggest improvements based on observed patterns

•       Support triage and contextualization of security findings that surface during hunt operations, helping to prioritize and document what matters

•       Contribute to team knowledge resources by helping document search patterns, field references, hunt playbooks, and lessons learned from completed hunts

•       Stay current on emerging threats and adversary techniques, bringing relevant threat intelligence into hypothesis discussions and helping connect external context to active hunt priorities

• Currently pursuing a degree in Cybersecurity, Computer Science, Information Systems, or a related field; or equivalent demonstrated experience through self-study, competitions, or independent work

• Demonstrated interest in cybersecurity evidenced through personal projects, CTF participation, home labs, coursework, or active engagement with the security community

• Foundational understanding of networking concepts including TCP/IP, DNS, and common protocols, with an ability to recognize when traffic or behavior looks out of place

• Basic familiarity with Windows and/or Linux operating systems: understanding of processes, file systems, and logs at a level that supports security investigation

• Some exposure to query languages such as KQL, SPL, SQL, or similar; comfort writing structured searches to filter and investigate data is a strong advantage

• Awareness of attacker tactics, techniques, and procedures (TTPs) and familiarity with frameworks such as MITRE ATT&CK at a conceptual level

• Strong written communication skills, as you will be contributing to internal findings summaries and hunt reports read by experienced practitioners

• Detail-oriented and curious working style: the ability to follow evidence methodically, ask the next question, and challenge initial assumptions is central to this work

• Comfortable working under the direction of senior team members, asking questions, communicating findings proactively, and flagging blockers early

• Any prior exposure to security tooling such as a SIEM, EDR, or log analysis platform is a plus, but not required; we will teach you what you need

Duration: 12 weeks

Location: Remote

Reports to: Senior Threat Hunter